Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [ISN] E-Gap Cuts Off Hacker Access
From: Aleph One (aleph1UNDERGROUND.ORG)
Date: Fri Jan 12 2001 - 09:48:55 CST
On Fri, Jan 12, 2001 at 08:53:13AM -0500, Ben Rothke wrote:
> The air-gap products got a lot of airplay on the firewall-wizards list some
> months back.
> Two comments that stand out in reference to the efficacy of air-gap products
> A firewall is a tunnel, an air gap is a tunnel. And a tunnel is a tunnel is
> a tunnel. Giving it another name doesnít mean it isnít the same.
> and Roger Marquis said so poignantly: A half-duplex datastream with
> pico-second turnaround, coupled with a micrometer gap between two fiber
> connectors doesn't make a product anymore or less secure than other
Well the one property that E-Gap does have that regular proxy firewalls
don't is that is composed of two systems. If the external systems gets
compromised its does not immediately mean the internal one will. You may
still find a vulnerability in the internal system via the application layer
(which you can do without breaking into the system) or you may find a
vulnerability in the transport layer that they use to shuffle requests
back and forth between the systems. This obviously depends on the
complexity of the protocol and the quality of its implementation.
With a regular proxy server once you break into it you would normally
find no problem to get at systems behind the proxy. The exception to
this may be systems that implement some type of compartmentalization
in which breaking into the external compartment does not mean getting
access to the internal one. This was mentioned in the firewall-wizards
list by one of the folks at Security Computing.
Of curse almost anyone can create their own E-Gap system but connecting
two systems via some type of point-to-point connection such as a serial
cable and writing some simple software to shuttle web requests, mail
messages, or files across the cable via a simple protocol.
Aleph One / aleph1underground.org
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
ISN is hosted by SecurityFocus.com
To unsubscribe email LISTSERVSecurityFocus.com with a message body of